In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.
References
Link | Resource |
---|---|
https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020 | Third Party Advisory |
Configurations
History
08 Nov 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020 - Third Party Advisory | |
First Time |
Yettiesoft
Yettiesoft vestcert |
|
CPE | cpe:2.3:a:yettiesoft:vestcert:*:*:*:*:*:*:*:* | |
CWE | CWE-829 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
30 Oct 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-30 07:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-45798
Mitre link : CVE-2023-45798
CVE.ORG link : CVE-2023-45798
JSON object : View
Products Affected
yettiesoft
- vestcert
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere